<cfcomponent>
<cffunction name="login" access="public" returntype="string">
  <cfargument name="user" type="string" required="yes">
  <cfargument name="pass" type="string" required="yes">
  <cfargument name="pathtoencryptfunction" required="no" default="cfcs.common" hint="the path to the encryption cfc">
  <cfinvoke component="#pathtoencryptfunction#.encryption" method="encryptstring" textstring="#trim(pass)#" returnvariable="encryptedpass">
  <cflock scope="session" timeout="10" type="exclusive">
    <cfset session.admin_username = user>
    <cfset session.admin_password = encryptedpass>
  </cflock>
  <cfset isloggedin = 0>
  <cfreturn isloggedin>
</cffunction>
<cffunction name="checklogin" access="public" returntype="string">
  <cfargument name="admin_user" required="yes" type="string">
  <cfargument name="admin_pass" required="yes" type="string">
  <cfargument name="pathtoencryptfunction" required="no" default="cfcs.common" hint="the path to the encryption cfc">
  <cfinvoke component="#pathtoencryptfunction#.encryption" method="encryptstring" textstring="#trim(request.adminpassword)#" returnvariable="eadminpass">
  <cfif admin_user IS request.adminusername AND admin_pass IS eadminpass>
    <cflock scope="session" timeout="10" type="exclusive">
      <cfset session.userlevel = 99999>
      <cfset session.id = 0>
    </cflock>
    <cfset isloggedin = 1>
    <cfelse>
    <cfquery name="qchecklogin" datasource="#request.dsn#">
            SELECT * FROM core_admins
            WHERE username = '#admin_user#' 
            AND pword = '#admin_pass#'
            </cfquery>
    <cfif qchecklogin.recordcount GT 0>
      <cfset isloggedin = 1>
      <cflock scope="session" timeout="10" type="exclusive">
        <cfset session.userlevel = qchecklogin.userlevel>
        <cfset session.id = qchecklogin.id>
      </cflock>
      <cfelse>
      <cfset isloggedin = 0>
    </cfif>
  </cfif>
  <cfreturn isloggedin>
</cffunction>
<cffunction name="logoff" access="public" returntype="void">
  <cfset tempvariable = StructClear(session)>
</cffunction>
<cffunction name="writesettings" returntype="string" description="Writes the settings file to the configuration folder">
  <cfargument name = "path" type="string" required="no" default="#request.basepath#" hint="Full path to the installation folder">
  <cfargument name = "cfdsn" type="string" required="no" default="#request.dsn#" hint="Coldfusion dsn of the settings">
  <cfquery name = "qsettings" datasource="#cfdsn#">
        SELECT * FROM core_settings
        </cfquery>
  <cffile action = "write" file="#path#config/settings.cfm" output="" mode="777">
  <cfset col_list = qsettings.columnlist>
  <cfloop from="1" to = "#listlen(col_list)#" index="c">
    <cfset thiscol = listgetat(col_list, c)>
    <cfset requestvar = 'REQUEST.#thiscol#'>
    <cfset requestvar = lcase(requestvar)>
    <cfset requestval = 'qsettings.#thiscol#'>
    <cfset requestval = evaluate(requestval)>
    <cfif NOT requestval CONTAINS "'">
      <cfset thisline = "<cfset #requestvar# = '#requestval#'>">
      <cfelse>
      <cfset thisline = '<cfset #requestvar# = "#requestval#">'>
    </cfif>
    <cffile action = "append" file="#path#config/settings.cfm" output="#thisline#" addnewline="yes">
  </cfloop>
  <cfreturn outputmsg>
</cffunction>
<cffunction name="checkpermissions" access="public" returntype="numeric" hint="returns a 1 or 0 depending on if the user has permission to access the component, action, or script">
  <cfargument name="userlevel" required="yes" type="numeric">
  <cfargument name="userid" required="yes" type="numeric">  
  <cfargument name="c" required="no" type="string" default="" hint="component to black list/white list">
  <cfargument name="a" required="no" type="string" default="" hint="action to black list/white list">
  <cfargument name="scriptname" required="no" type="string" default="" hint="script file (absolute path to script) to white list/black list">
  <cfinvoke method="getuserinfo" userid="#userid#" returnvariable="quser">
  <cfset isallowed = 3>  <!---means that an invalid call was used (for debugging purposes)--->
  <!---black listed type (everything allowed except what is on the list--->
  <cfif quser.listtype IS 0>
    <cfset isallowed = 1>
	<cfif len(trim(c)) GT 0>
      <cfif len(trim(a)) GT 0>
        <cfquery name="qpermissions" datasource="#request.dsn#">
        SELECT * FROM core_admins_rules
        WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
        AND rule_c = <cfqueryparam value="#c#" cfsqltype="cf_sql_varchar">
        AND rule_a = <cfqueryparam value="#a#" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 0>
        </cfif>
      <cfelse>
        <cfquery name="qpermissions" datasource="#request.dsn#">
        SELECT * FROM core_admins_rules
        WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
        AND rule_c = <cfqueryparam value="#c#" cfsqltype="cf_sql_varchar">
        AND rule_a = <cfqueryparam value="ALL" cfsqltype="cf_sql_varchar">
		</cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 0>
        </cfif>
      </cfif>
    <cfelse>
		<!---check if specified script is blocked--->
        <cfset current_script = '#cgi.SCRIPT_NAME#'>
        <cfquery name="qpermissions" datasource="#request.dsn#">
            SELECT * FROM core_admins_rules 
            WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
            AND rule_script = <cfqueryparam value="#scriptname#" cfsqltype="cf_sql_varchar">
            </cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 0>
        </cfif>
  	</cfif>
  </cfif>
  <!---white list check (only allowed to access listed components/actions/scripts--->
  <cfif quser.listtype IS 1>
    <cfset isallowed = 0>
	<cfif len(trim(c)) GT 0>
	  <cfif len(trim(a)) GT 0>
        <cfquery name="qpermissions" datasource="#request.dsn#">
        SELECT * FROM core_admins_rules
        WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
        AND rule_c = <cfqueryparam value="#c#" cfsqltype="cf_sql_varchar">
        AND rule_a = <cfqueryparam value="#a#" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 1>
        </cfif>
      <cfelse>
        <cfquery name="qpermissions" datasource="#request.dsn#">
        SELECT * FROM core_admins_rules
        WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
        AND rule_c = <cfqueryparam value="#c#" cfsqltype="cf_sql_varchar">
        AND rule_a = <cfqueryparam value="ALL" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 1>
        </cfif>
      </cfif>
  	<cfelse>
		<!---check if specified script is blocked--->
        <cfset current_script = '#cgi.SCRIPT_NAME#'>
        <cfquery name="qpermissions" datasource="#request.dsn#">
            SELECT * FROM core_admins_rules 
            WHERE userlevel = <cfqueryparam value="#userlevel#" cfsqltype="cf_sql_integer">
            AND rule_script = <cfqueryparam value="#scriptname#" cfsqltype="cf_sql_varchar">
            </cfquery>
        <cfif qpermissions.recordcount GT 0>
          <cfset isallowed = 1>
        </cfif>
 	</cfif>
  </cfif> 
<cfreturn isallowed>
</cffunction>
<cffunction name="getuserinfo" access="public" returntype="query">
  <cfargument name="userid" required="yes" type="numeric">
  <cfquery name="quserinfo" datasource="#request.dsn#">
            SELECT * FROM core_admins
            JOIN core_admins_types ON core_admins.userlevel = core_admins_types.id
            WHERE core_admins.id = <cfqueryparam value="#userid#" cfsqltype="cf_sql_integer">
            </cfquery>
  <cfreturn quserinfo>
</cffunction>
<cffunction name="getpermissions" access="public" returntype="query">
  <cfargument name="groupid" required="yes" type="numeric">
  <cfquery name="qpermissions" datasource="#request.dsn#">
            SELECT * FROM core_admins_rules
            WHERE userlevel = <cfqueryparam value="#groupid#" cfsqltype="cf_sql_integer">
            </cfquery>
  <cfreturn qpermissions>
</cffunction>
<cffunction name="getgroupinfo" access="public" returntype="query">
  <cfargument name="groupid" required="yes" type="numeric">
  <cfquery name="qpermissions" datasource="#request.dsn#">
            SELECT * FROM core_admins_types
            WHERE id = <cfqueryparam value="#groupid#" cfsqltype="cf_sql_integer">
            </cfquery>
  <cfreturn qpermissions>
</cffunction>
<cffunction name="getswitches" access="public" returntype="void" output="yes">
  <cfargument name="c" required="yes" type="string" hint="component called">
  <cfargument name="a" required="yes" type="string" default="default" hint="pass in action call">
  <cffile action="read" file="#request.adminpath#components/#c#/switches/switchesxml.cfm" variable="readxml">
  <cfset menuxml = XmlParse(readxml)>
  <cf_xmlq name = "qmenu" xpath = "/switches/switch" xml = "#menuxml#">
  <cfset wasfound = 0>
  <cfquery name="qinclude" dbtype="query">
    SELECT * FROM qmenu
    WHERE aval = <cfqueryparam value="#a#" cfsqltype="cf_sql_varchar">
    </cfquery>
  <cfif qinclude.recordcount GT 0>
    <cfset wasfound = 1>
    <cfinclude template="#request.absoluteadminpath#components/#c#/#qinclude.template#">
    <cfelse>
    <cfquery name="qdefault" dbtype="query">
        SELECT * FROM qmenu
        WHERE aval = <cfqueryparam value="default" cfsqltype="cf_sql_varchar">
        </cfquery>
    <cfif qdefault.recordcount GT 0>
      <cfinclude template="#request.absoluteadminpath#components/#c#/#qdefault.template#">
      <cfelse>
      No default action is set for this component and the action called was not found
    </cfif>
  </cfif>
</cffunction>
</cfcomponent>